

<!DOCTYPE html>
<html class="writer-html5" lang="en" >
<head>
  <meta charset="utf-8" />
  
  <meta name="viewport" content="width=device-width, initial-scale=1.0" />
  
  <title>管理指南 &mdash; Ceph Documentation</title>
  

  
  <link rel="stylesheet" href="../../_static/ceph.css" type="text/css" />
  <link rel="stylesheet" href="../../_static/pygments.css" type="text/css" />
  <link rel="stylesheet" href="../../_static/graphviz.css" type="text/css" />
  <link rel="stylesheet" href="../../_static/css/custom.css" type="text/css" />

  
  
    <link rel="shortcut icon" href="../../_static/favicon.ico"/>
  

  
  

  

  
  <!--[if lt IE 9]>
    <script src="../../_static/js/html5shiv.min.js"></script>
  <![endif]-->
  
    
      <script type="text/javascript" id="documentation_options" data-url_root="../../" src="../../_static/documentation_options.js"></script>
        <script src="../../_static/jquery.js"></script>
        <script src="../../_static/underscore.js"></script>
        <script src="../../_static/doctools.js"></script>
    
    <script type="text/javascript" src="../../_static/js/theme.js"></script>

    
    <link rel="index" title="Index" href="../../genindex/" />
    <link rel="search" title="Search" href="../../search/" />
    <link rel="next" title="Ceph 对象网关的 S3 API" href="../s3/" />
    <link rel="prev" title="Ceph 对象网关配置参考" href="../config-ref/" /> 
</head>

<body class="wy-body-for-nav">

   
  <header class="top-bar">
    

















<div role="navigation" aria-label="breadcrumbs navigation">

  <ul class="wy-breadcrumbs">
    
      <li><a href="../../" class="icon icon-home"></a> &raquo;</li>
        
          <li><a href="../">Ceph 对象网关</a> &raquo;</li>
        
      <li>管理指南</li>
    
    
      <li class="wy-breadcrumbs-aside">
        
          
            <a href="../../_sources/radosgw/admin.rst.txt" rel="nofollow"> View page source</a>
          
        
      </li>
    
  </ul>

  
  <hr/>
</div>
  </header>
  <div class="wy-grid-for-nav">
    
    <nav data-toggle="wy-nav-shift" class="wy-nav-side">
      <div class="wy-side-scroll">
        <div class="wy-side-nav-search"  style="background: #eee" >
          

          
            <a href="../../">
          

          
            
            <img src="../../_static/logo.png" class="logo" alt="Logo"/>
          
          </a>

          

          
<div role="search">
  <form id="rtd-search-form" class="wy-form" action="../../search/" method="get">
    <input type="text" name="q" placeholder="Search docs" />
    <input type="hidden" name="check_keywords" value="yes" />
    <input type="hidden" name="area" value="default" />
  </form>
</div>

          
        </div>

        
        <div class="wy-menu wy-menu-vertical" data-spy="affix" role="navigation" aria-label="main navigation">
          
            
            
              
            
            
              <ul class="current">
<li class="toctree-l1"><a class="reference internal" href="../../start/intro/">Ceph 简介</a></li>
<li class="toctree-l1"><a class="reference internal" href="../../install/">安装 Ceph</a></li>
<li class="toctree-l1"><a class="reference internal" href="../../cephadm/">Cephadm</a></li>
<li class="toctree-l1"><a class="reference internal" href="../../rados/">Ceph 存储集群</a></li>
<li class="toctree-l1"><a class="reference internal" href="../../cephfs/">Ceph 文件系统</a></li>
<li class="toctree-l1"><a class="reference internal" href="../../rbd/">Ceph 块设备</a></li>
<li class="toctree-l1 current"><a class="reference internal" href="../">Ceph 对象网关</a><ul class="current">
<li class="toctree-l2"><a class="reference internal" href="../frontends/">HTTP 前端</a></li>
<li class="toctree-l2"><a class="reference internal" href="../placement/">存储池归置与存储类</a></li>
<li class="toctree-l2"><a class="reference internal" href="../multisite/">多站配置</a></li>
<li class="toctree-l2"><a class="reference internal" href="../multisite-sync-policy/">多站同步策略配置</a></li>
<li class="toctree-l2"><a class="reference internal" href="../pools/">存储池的配置</a></li>
<li class="toctree-l2"><a class="reference internal" href="../config-ref/">配置参考</a></li>
<li class="toctree-l2 current"><a class="current reference internal" href="#">管理指南</a><ul>
<li class="toctree-l3"><a class="reference internal" href="#id2">用户管理</a><ul>
<li class="toctree-l4"><a class="reference internal" href="#id3">创建用户</a></li>
<li class="toctree-l4"><a class="reference internal" href="#id4">创建子用户</a></li>
<li class="toctree-l4"><a class="reference internal" href="#id5">获取用户信息</a></li>
<li class="toctree-l4"><a class="reference internal" href="#id6">修改用户信息</a></li>
<li class="toctree-l4"><a class="reference internal" href="#id7">用户的启用、暂停</a></li>
<li class="toctree-l4"><a class="reference internal" href="#id8">删除用户</a></li>
<li class="toctree-l4"><a class="reference internal" href="#id9">删除子用户</a></li>
<li class="toctree-l4"><a class="reference internal" href="#id10">增加、删除密钥</a></li>
<li class="toctree-l4"><a class="reference internal" href="#id11">增加、删除管理能力</a></li>
</ul>
</li>
<li class="toctree-l3"><a class="reference internal" href="#id12">配额管理</a><ul>
<li class="toctree-l4"><a class="reference internal" href="#id13">设置用户配额</a></li>
<li class="toctree-l4"><a class="reference internal" href="#id14">启用或禁用用户配额</a></li>
<li class="toctree-l4"><a class="reference internal" href="#id15">设置桶配额</a></li>
<li class="toctree-l4"><a class="reference internal" href="#id16">启用、禁用桶配额</a></li>
<li class="toctree-l4"><a class="reference internal" href="#id17">查看配额配置信息</a></li>
<li class="toctree-l4"><a class="reference internal" href="#id18">更新配额统计信息</a></li>
<li class="toctree-l4"><a class="reference internal" href="#rgw-user-usage-stats">查看用户使用情况的统计信息</a></li>
<li class="toctree-l4"><a class="reference internal" href="#id20">默认配额</a></li>
<li class="toctree-l4"><a class="reference internal" href="#id21">配额缓存</a></li>
<li class="toctree-l4"><a class="reference internal" href="#id22">读取、写入全局配额</a></li>
</ul>
</li>
<li class="toctree-l3"><a class="reference internal" href="#rate-limit-management">Rate Limit Management</a><ul>
<li class="toctree-l4"><a class="reference internal" href="#set-user-rate-limit">Set User Rate Limit</a></li>
<li class="toctree-l4"><a class="reference internal" href="#get-user-rate-limit">Get User Rate Limit</a></li>
<li class="toctree-l4"><a class="reference internal" href="#enable-disable-user-rate-limit">Enable/Disable User Rate Limit</a></li>
<li class="toctree-l4"><a class="reference internal" href="#set-bucket-rate-limit">Set Bucket Rate Limit</a></li>
<li class="toctree-l4"><a class="reference internal" href="#get-bucket-rate-limit">Get Bucket Rate Limit</a></li>
<li class="toctree-l4"><a class="reference internal" href="#enable-disable-bucket-rate-limit">Enable/Disable Bucket Rate Limit</a></li>
<li class="toctree-l4"><a class="reference internal" href="#reading-writing-global-rate-limit-configuration">Reading / Writing Global Rate Limit Configuration</a></li>
</ul>
</li>
<li class="toctree-l3"><a class="reference internal" href="#id23">使用情况</a><ul>
<li class="toctree-l4"><a class="reference internal" href="#id24">查看使用情况</a></li>
<li class="toctree-l4"><a class="reference internal" href="#id25">清理统计日志</a></li>
</ul>
</li>
</ul>
</li>
<li class="toctree-l2"><a class="reference internal" href="../s3/">S3 API</a></li>
<li class="toctree-l2"><a class="reference internal" href="../rgw-cache/">Data caching and CDN</a></li>
<li class="toctree-l2"><a class="reference internal" href="../swift/">Swift API</a></li>
<li class="toctree-l2"><a class="reference internal" href="../adminops/">管理操作 API</a></li>
<li class="toctree-l2"><a class="reference internal" href="../api/">Python 接口</a></li>
<li class="toctree-l2"><a class="reference internal" href="../nfs/">通过 NFS 导出</a></li>
<li class="toctree-l2"><a class="reference internal" href="../keystone/">与 OpenStack Keystone 对接</a></li>
<li class="toctree-l2"><a class="reference internal" href="../barbican/">与 OpenStack Barbican 对接</a></li>
<li class="toctree-l2"><a class="reference internal" href="../vault/">与 HashiCorp Vault 对接</a></li>
<li class="toctree-l2"><a class="reference internal" href="../kmip/">KMIP Integration</a></li>
<li class="toctree-l2"><a class="reference internal" href="../opa/">与 Open Policy Agent 对接</a></li>
<li class="toctree-l2"><a class="reference internal" href="../multitenancy/">多租户</a></li>
<li class="toctree-l2"><a class="reference internal" href="../compression/">压缩</a></li>
<li class="toctree-l2"><a class="reference internal" href="../ldap-auth/">LDAP 认证</a></li>
<li class="toctree-l2"><a class="reference internal" href="../encryption/">服务器端加密</a></li>
<li class="toctree-l2"><a class="reference internal" href="../bucketpolicy/">桶策略</a></li>
<li class="toctree-l2"><a class="reference internal" href="../dynamicresharding/">动态的桶索引重分片</a></li>
<li class="toctree-l2"><a class="reference internal" href="../mfa/">多因子认证</a></li>
<li class="toctree-l2"><a class="reference internal" href="../sync-modules/">同步模块</a></li>
<li class="toctree-l2"><a class="reference internal" href="../notifications/">Bucket Notifications</a></li>
<li class="toctree-l2"><a class="reference internal" href="../layout/">RADOS 中的数据布局</a></li>
<li class="toctree-l2"><a class="reference internal" href="../STS/">STS</a></li>
<li class="toctree-l2"><a class="reference internal" href="../STSLite/">STS Lite</a></li>
<li class="toctree-l2"><a class="reference internal" href="../keycloak/">Keycloak</a></li>
<li class="toctree-l2"><a class="reference internal" href="../role/">Role</a></li>
<li class="toctree-l2"><a class="reference internal" href="../session-tags/">Session Tags</a></li>
<li class="toctree-l2"><a class="reference internal" href="../orphans/">Orphan List and Associated Tooliing</a></li>
<li class="toctree-l2"><a class="reference internal" href="../oidc/">OpenID Connect Provider</a></li>
<li class="toctree-l2"><a class="reference internal" href="../troubleshooting/">故障排除</a></li>
<li class="toctree-l2"><a class="reference internal" href="../../man/8/radosgw/">radosgw 手册页</a></li>
<li class="toctree-l2"><a class="reference internal" href="../../man/8/radosgw-admin/">radosgw-admin 手册页</a></li>
<li class="toctree-l2"><a class="reference internal" href="../qat-accel/">使用 QAT 为加密和压缩提速</a></li>
<li class="toctree-l2"><a class="reference internal" href="../s3select/">S3-select</a></li>
<li class="toctree-l2"><a class="reference internal" href="../lua-scripting/">Lua Scripting</a></li>
<li class="toctree-l2"><a class="reference internal" href="../d3n_datacache/">D3N Data Cache</a></li>
<li class="toctree-l2"><a class="reference internal" href="../cloud-transition/">Cloud Transition</a></li>
</ul>
</li>
<li class="toctree-l1"><a class="reference internal" href="../../mgr/">Ceph 管理器守护进程</a></li>
<li class="toctree-l1"><a class="reference internal" href="../../mgr/dashboard/">Ceph 仪表盘</a></li>
<li class="toctree-l1"><a class="reference internal" href="../../api/">API 文档</a></li>
<li class="toctree-l1"><a class="reference internal" href="../../architecture/">体系结构</a></li>
<li class="toctree-l1"><a class="reference internal" href="../../dev/developer_guide/">开发者指南</a></li>
<li class="toctree-l1"><a class="reference internal" href="../../dev/internals/">Ceph 内幕</a></li>
<li class="toctree-l1"><a class="reference internal" href="../../governance/">项目管理</a></li>
<li class="toctree-l1"><a class="reference internal" href="../../foundation/">Ceph 基金会</a></li>
<li class="toctree-l1"><a class="reference internal" href="../../ceph-volume/">ceph-volume</a></li>
<li class="toctree-l1"><a class="reference internal" href="../../releases/general/">Ceph 版本（总目录）</a></li>
<li class="toctree-l1"><a class="reference internal" href="../../releases/">Ceph 版本（索引）</a></li>
<li class="toctree-l1"><a class="reference internal" href="../../security/">Security</a></li>
<li class="toctree-l1"><a class="reference internal" href="../../glossary/">Ceph 术语</a></li>
<li class="toctree-l1"><a class="reference internal" href="../../jaegertracing/">Tracing</a></li>
<li class="toctree-l1"><a class="reference internal" href="../../translation_cn/">中文版翻译资源</a></li>
</ul>

            
          
        </div>
        
      </div>
    </nav>

    <section data-toggle="wy-nav-shift" class="wy-nav-content-wrap">

      
      <nav class="wy-nav-top" aria-label="top navigation">
        
          <i data-toggle="wy-nav-top" class="fa fa-bars"></i>
          <a href="../../">Ceph</a>
        
      </nav>


      <div class="wy-nav-content">
        
        <div class="rst-content">
        
          <div role="main" class="document" itemscope="itemscope" itemtype="http://schema.org/Article">
           <div itemprop="articleBody">
            
<div id="dev-warning" class="admonition note">
  <p class="first admonition-title">Notice</p>
  <p class="last">This document is for a development version of Ceph.</p>
</div>
  <div id="docubetter" align="right" style="padding: 5px; font-weight: bold;">
    <a href="https://pad.ceph.com/p/Report_Documentation_Bugs">Report a Documentation Bug</a>
  </div>

  
  <div class="section" id="id1">
<h1>管理指南<a class="headerlink" href="#id1" title="Permalink to this headline">¶</a></h1>
<p>你配置好 Ceph 对象存储服务并运行正常之后，
就可以管理服务了，有用户管理、访问控制、
配额管理、和使用情况跟踪等功能。</p>
<div class="section" id="id2">
<h2>用户管理<a class="headerlink" href="#id2" title="Permalink to this headline">¶</a></h2>
<p>Ceph 对象存储的用户管理指的是 Ceph 对象存储服务的用户（换句话说，
不是 Ceph 对象网关作为 Ceph 存储集群的一个用户）。你必须创建一个用户、
访问密钥和私钥，这样最终用户才能和 Ceph 对象网关服务交互。</p>
<p>有两种用户类型：</p>
<ul class="simple">
<li><p><strong>用户:</strong> ‘user’ 这个术语反映的是 S3 接口的用户。</p></li>
<li><p><strong>子用户:</strong> ‘subuser’ 这个术语反映的是 Swift 接口的用户。子用户关联到了用户。</p></li>
</ul>
<p>You can create, modify, view, suspend and remove users and subusers. In addition
to user and subuser IDs, you may add a display name and an email address for a
user.  You can specify a key and secret, or generate a key and secret
automatically. When generating or specifying keys, note that user IDs correspond
to an S3 key type and subuser IDs correspond to a swift key type. Swift keys
also have access levels of <code class="docutils literal notranslate"><span class="pre">read</span></code>, <code class="docutils literal notranslate"><span class="pre">write</span></code>, <code class="docutils literal notranslate"><span class="pre">readwrite</span></code> and <code class="docutils literal notranslate"><span class="pre">full</span></code>.</p>
<div class="section" id="id3">
<h3>创建用户<a class="headerlink" href="#id3" title="Permalink to this headline">¶</a></h3>
<p>To create a user (S3 interface), execute the following:</p>
<div class="highlight-default notranslate"><div class="highlight"><pre><span></span><span class="n">radosgw</span><span class="o">-</span><span class="n">admin</span> <span class="n">user</span> <span class="n">create</span> <span class="o">--</span><span class="n">uid</span><span class="o">=</span><span class="p">{</span><span class="n">username</span><span class="p">}</span> <span class="o">--</span><span class="n">display</span><span class="o">-</span><span class="n">name</span><span class="o">=</span><span class="s2">&quot;{display-name}&quot;</span> <span class="p">[</span><span class="o">--</span><span class="n">email</span><span class="o">=</span><span class="p">{</span><span class="n">email</span><span class="p">}]</span>
</pre></div>
</div>
<p>例如:</p>
<div class="highlight-default notranslate"><div class="highlight"><pre><span></span><span class="n">radosgw</span><span class="o">-</span><span class="n">admin</span> <span class="n">user</span> <span class="n">create</span> <span class="o">--</span><span class="n">uid</span><span class="o">=</span><span class="n">johndoe</span> <span class="o">--</span><span class="n">display</span><span class="o">-</span><span class="n">name</span><span class="o">=</span><span class="s2">&quot;John Doe&quot;</span> <span class="o">--</span><span class="n">email</span><span class="o">=</span><span class="n">john</span><span class="nd">@example</span><span class="o">.</span><span class="n">com</span>
</pre></div>
</div>
<div class="highlight-javascript notranslate"><div class="highlight"><pre><span></span><span class="p">{</span> <span class="s2">&quot;user_id&quot;</span><span class="o">:</span> <span class="s2">&quot;johndoe&quot;</span><span class="p">,</span>
  <span class="s2">&quot;display_name&quot;</span><span class="o">:</span> <span class="s2">&quot;John Doe&quot;</span><span class="p">,</span>
  <span class="s2">&quot;email&quot;</span><span class="o">:</span> <span class="s2">&quot;john@example.com&quot;</span><span class="p">,</span>
  <span class="s2">&quot;suspended&quot;</span><span class="o">:</span> <span class="mf">0</span><span class="p">,</span>
  <span class="s2">&quot;max_buckets&quot;</span><span class="o">:</span> <span class="mf">1000</span><span class="p">,</span>
  <span class="s2">&quot;subusers&quot;</span><span class="o">:</span> <span class="p">[],</span>
  <span class="s2">&quot;keys&quot;</span><span class="o">:</span> <span class="p">[</span>
        <span class="p">{</span> <span class="s2">&quot;user&quot;</span><span class="o">:</span> <span class="s2">&quot;johndoe&quot;</span><span class="p">,</span>
          <span class="s2">&quot;access_key&quot;</span><span class="o">:</span> <span class="s2">&quot;11BS02LGFB6AL6H1ADMW&quot;</span><span class="p">,</span>
          <span class="s2">&quot;secret_key&quot;</span><span class="o">:</span> <span class="s2">&quot;vzCEkuryfn060dfee4fgQPqFrncKEIkh3ZcdOANY&quot;</span><span class="p">}],</span>
  <span class="s2">&quot;swift_keys&quot;</span><span class="o">:</span> <span class="p">[],</span>
  <span class="s2">&quot;caps&quot;</span><span class="o">:</span> <span class="p">[],</span>
  <span class="s2">&quot;op_mask&quot;</span><span class="o">:</span> <span class="s2">&quot;read, write, delete&quot;</span><span class="p">,</span>
  <span class="s2">&quot;default_placement&quot;</span><span class="o">:</span> <span class="s2">&quot;&quot;</span><span class="p">,</span>
  <span class="s2">&quot;placement_tags&quot;</span><span class="o">:</span> <span class="p">[],</span>
  <span class="s2">&quot;bucket_quota&quot;</span><span class="o">:</span> <span class="p">{</span> <span class="s2">&quot;enabled&quot;</span><span class="o">:</span> <span class="kc">false</span><span class="p">,</span>
      <span class="s2">&quot;max_size_kb&quot;</span><span class="o">:</span> <span class="o">-</span><span class="mf">1</span><span class="p">,</span>
      <span class="s2">&quot;max_objects&quot;</span><span class="o">:</span> <span class="o">-</span><span class="mf">1</span><span class="p">},</span>
  <span class="s2">&quot;user_quota&quot;</span><span class="o">:</span> <span class="p">{</span> <span class="s2">&quot;enabled&quot;</span><span class="o">:</span> <span class="kc">false</span><span class="p">,</span>
      <span class="s2">&quot;max_size_kb&quot;</span><span class="o">:</span> <span class="o">-</span><span class="mf">1</span><span class="p">,</span>
      <span class="s2">&quot;max_objects&quot;</span><span class="o">:</span> <span class="o">-</span><span class="mf">1</span><span class="p">},</span>
  <span class="s2">&quot;temp_url_keys&quot;</span><span class="o">:</span> <span class="p">[]}</span>
</pre></div>
</div>
<p>Creating a user also creates an <code class="docutils literal notranslate"><span class="pre">access_key</span></code> and <code class="docutils literal notranslate"><span class="pre">secret_key</span></code> entry for use
with any S3 API-compatible client.</p>
<div class="admonition important">
<p class="admonition-title">Important</p>
<p>Check the key output. Sometimes <code class="docutils literal notranslate"><span class="pre">radosgw-admin</span></code>
generates a JSON escape (<code class="docutils literal notranslate"><span class="pre">\</span></code>) character, and some clients
do not know how to handle JSON escape characters. Remedies include
removing the JSON escape character (<code class="docutils literal notranslate"><span class="pre">\</span></code>), encapsulating the string
in quotes, regenerating the key and ensuring that it
does not have a JSON escape character or specify the key and secret
manually.</p>
</div>
</div>
<div class="section" id="id4">
<h3>创建子用户<a class="headerlink" href="#id4" title="Permalink to this headline">¶</a></h3>
<p>要创建用户的子用户（ Swift 接口），必须指定用户 ID （
<code class="docutils literal notranslate"><span class="pre">--uid={username}</span></code> ）、子用户 ID 和这个子用户的访问级别。</p>
<div class="highlight-default notranslate"><div class="highlight"><pre><span></span><span class="n">radosgw</span><span class="o">-</span><span class="n">admin</span> <span class="n">subuser</span> <span class="n">create</span> <span class="o">--</span><span class="n">uid</span><span class="o">=</span><span class="p">{</span><span class="n">uid</span><span class="p">}</span> <span class="o">--</span><span class="n">subuser</span><span class="o">=</span><span class="p">{</span><span class="n">uid</span><span class="p">}</span> <span class="o">--</span><span class="n">access</span><span class="o">=</span><span class="p">[</span> <span class="n">read</span> <span class="o">|</span> <span class="n">write</span> <span class="o">|</span> <span class="n">readwrite</span> <span class="o">|</span> <span class="n">full</span> <span class="p">]</span>
</pre></div>
</div>
<p>例如：</p>
<div class="highlight-default notranslate"><div class="highlight"><pre><span></span><span class="n">radosgw</span><span class="o">-</span><span class="n">admin</span> <span class="n">subuser</span> <span class="n">create</span> <span class="o">--</span><span class="n">uid</span><span class="o">=</span><span class="n">johndoe</span> <span class="o">--</span><span class="n">subuser</span><span class="o">=</span><span class="n">johndoe</span><span class="p">:</span><span class="n">swift</span> <span class="o">--</span><span class="n">access</span><span class="o">=</span><span class="n">full</span>
</pre></div>
</div>
<div class="admonition note">
<p class="admonition-title">Note</p>
<p><code class="docutils literal notranslate"><span class="pre">full</span></code> 不等于 <code class="docutils literal notranslate"><span class="pre">readwrite</span></code> ，因为它还包括访问控制策略。</p>
</div>
<div class="highlight-javascript notranslate"><div class="highlight"><pre><span></span><span class="p">{</span> <span class="s2">&quot;user_id&quot;</span><span class="o">:</span> <span class="s2">&quot;johndoe&quot;</span><span class="p">,</span>
  <span class="s2">&quot;display_name&quot;</span><span class="o">:</span> <span class="s2">&quot;John Doe&quot;</span><span class="p">,</span>
  <span class="s2">&quot;email&quot;</span><span class="o">:</span> <span class="s2">&quot;john@example.com&quot;</span><span class="p">,</span>
  <span class="s2">&quot;suspended&quot;</span><span class="o">:</span> <span class="mf">0</span><span class="p">,</span>
  <span class="s2">&quot;max_buckets&quot;</span><span class="o">:</span> <span class="mf">1000</span><span class="p">,</span>
  <span class="s2">&quot;subusers&quot;</span><span class="o">:</span> <span class="p">[</span>
        <span class="p">{</span> <span class="s2">&quot;id&quot;</span><span class="o">:</span> <span class="s2">&quot;johndoe:swift&quot;</span><span class="p">,</span>
          <span class="s2">&quot;permissions&quot;</span><span class="o">:</span> <span class="s2">&quot;full-control&quot;</span><span class="p">}],</span>
  <span class="s2">&quot;keys&quot;</span><span class="o">:</span> <span class="p">[</span>
        <span class="p">{</span> <span class="s2">&quot;user&quot;</span><span class="o">:</span> <span class="s2">&quot;johndoe&quot;</span><span class="p">,</span>
          <span class="s2">&quot;access_key&quot;</span><span class="o">:</span> <span class="s2">&quot;11BS02LGFB6AL6H1ADMW&quot;</span><span class="p">,</span>
          <span class="s2">&quot;secret_key&quot;</span><span class="o">:</span> <span class="s2">&quot;vzCEkuryfn060dfee4fgQPqFrncKEIkh3ZcdOANY&quot;</span><span class="p">}],</span>
  <span class="s2">&quot;swift_keys&quot;</span><span class="o">:</span> <span class="p">[],</span>
  <span class="s2">&quot;caps&quot;</span><span class="o">:</span> <span class="p">[],</span>
  <span class="s2">&quot;op_mask&quot;</span><span class="o">:</span> <span class="s2">&quot;read, write, delete&quot;</span><span class="p">,</span>
  <span class="s2">&quot;default_placement&quot;</span><span class="o">:</span> <span class="s2">&quot;&quot;</span><span class="p">,</span>
  <span class="s2">&quot;placement_tags&quot;</span><span class="o">:</span> <span class="p">[],</span>
  <span class="s2">&quot;bucket_quota&quot;</span><span class="o">:</span> <span class="p">{</span> <span class="s2">&quot;enabled&quot;</span><span class="o">:</span> <span class="kc">false</span><span class="p">,</span>
      <span class="s2">&quot;max_size_kb&quot;</span><span class="o">:</span> <span class="o">-</span><span class="mf">1</span><span class="p">,</span>
      <span class="s2">&quot;max_objects&quot;</span><span class="o">:</span> <span class="o">-</span><span class="mf">1</span><span class="p">},</span>
  <span class="s2">&quot;user_quota&quot;</span><span class="o">:</span> <span class="p">{</span> <span class="s2">&quot;enabled&quot;</span><span class="o">:</span> <span class="kc">false</span><span class="p">,</span>
      <span class="s2">&quot;max_size_kb&quot;</span><span class="o">:</span> <span class="o">-</span><span class="mf">1</span><span class="p">,</span>
      <span class="s2">&quot;max_objects&quot;</span><span class="o">:</span> <span class="o">-</span><span class="mf">1</span><span class="p">},</span>
  <span class="s2">&quot;temp_url_keys&quot;</span><span class="o">:</span> <span class="p">[]}</span>
</pre></div>
</div>
</div>
<div class="section" id="id5">
<h3>获取用户信息<a class="headerlink" href="#id5" title="Permalink to this headline">¶</a></h3>
<p>要获取某一用户的信息，可指定 <code class="docutils literal notranslate"><span class="pre">user</span> <span class="pre">info</span></code> 和用户 ID （
<code class="docutils literal notranslate"><span class="pre">--uid={username}</span></code> ）。</p>
<div class="highlight-default notranslate"><div class="highlight"><pre><span></span><span class="n">radosgw</span><span class="o">-</span><span class="n">admin</span> <span class="n">user</span> <span class="n">info</span> <span class="o">--</span><span class="n">uid</span><span class="o">=</span><span class="n">johndoe</span>
</pre></div>
</div>
</div>
<div class="section" id="id6">
<h3>修改用户信息<a class="headerlink" href="#id6" title="Permalink to this headline">¶</a></h3>
<p>To modify information about a user, you must specify the user ID (<code class="docutils literal notranslate"><span class="pre">--uid={username}</span></code>)
and the attributes you want to modify. Typical modifications are to keys and secrets,
email addresses, display names and access levels. 例如:</p>
<div class="highlight-default notranslate"><div class="highlight"><pre><span></span><span class="n">radosgw</span><span class="o">-</span><span class="n">admin</span> <span class="n">user</span> <span class="n">modify</span> <span class="o">--</span><span class="n">uid</span><span class="o">=</span><span class="n">johndoe</span> <span class="o">--</span><span class="n">display</span><span class="o">-</span><span class="n">name</span><span class="o">=</span><span class="s2">&quot;John E. Doe&quot;</span>
</pre></div>
</div>
<p>To modify subuser values, specify <code class="docutils literal notranslate"><span class="pre">subuser</span> <span class="pre">modify</span></code>, user ID and the subuser ID. 例如:</p>
<div class="highlight-default notranslate"><div class="highlight"><pre><span></span><span class="n">radosgw</span><span class="o">-</span><span class="n">admin</span> <span class="n">subuser</span> <span class="n">modify</span> <span class="o">--</span><span class="n">uid</span><span class="o">=</span><span class="n">johndoe</span> <span class="o">--</span><span class="n">subuser</span><span class="o">=</span><span class="n">johndoe</span><span class="p">:</span><span class="n">swift</span> <span class="o">--</span><span class="n">access</span><span class="o">=</span><span class="n">full</span>
</pre></div>
</div>
</div>
<div class="section" id="id7">
<h3>用户的启用、暂停<a class="headerlink" href="#id7" title="Permalink to this headline">¶</a></h3>
<p>When you create a user, the user is enabled by default. However, you may suspend
user  privileges and re-enable them at a later time. To suspend a user, specify
<code class="docutils literal notranslate"><span class="pre">user</span> <span class="pre">suspend</span></code> and the user ID.</p>
<div class="highlight-default notranslate"><div class="highlight"><pre><span></span><span class="n">radosgw</span><span class="o">-</span><span class="n">admin</span> <span class="n">user</span> <span class="n">suspend</span> <span class="o">--</span><span class="n">uid</span><span class="o">=</span><span class="n">johndoe</span>
</pre></div>
</div>
<p>To re-enable a suspended user, specify <code class="docutils literal notranslate"><span class="pre">user</span> <span class="pre">enable</span></code> and the user ID.</p>
<div class="highlight-default notranslate"><div class="highlight"><pre><span></span><span class="n">radosgw</span><span class="o">-</span><span class="n">admin</span> <span class="n">user</span> <span class="n">enable</span> <span class="o">--</span><span class="n">uid</span><span class="o">=</span><span class="n">johndoe</span>
</pre></div>
</div>
<div class="admonition note">
<p class="admonition-title">Note</p>
<p>Disabling the user disables the subuser.</p>
</div>
</div>
<div class="section" id="id8">
<h3>删除用户<a class="headerlink" href="#id8" title="Permalink to this headline">¶</a></h3>
<p>删除用户时，这个用户以及他的子用户都会被删除。当然，如果你愿意，可以只删除子用户。要删除用户（及其子用户），可指定 <code class="docutils literal notranslate"><span class="pre">user</span> <span class="pre">rm</span></code> 和用户 ID ：</p>
<div class="highlight-default notranslate"><div class="highlight"><pre><span></span><span class="n">radosgw</span><span class="o">-</span><span class="n">admin</span> <span class="n">user</span> <span class="n">rm</span> <span class="o">--</span><span class="n">uid</span><span class="o">=</span><span class="n">johndoe</span>
</pre></div>
</div>
<p>只想删除子用户时，可指定 <code class="docutils literal notranslate"><span class="pre">subuser</span> <span class="pre">rm</span></code> 和子用户 ID 。</p>
<div class="highlight-default notranslate"><div class="highlight"><pre><span></span><span class="n">radosgw</span><span class="o">-</span><span class="n">admin</span> <span class="n">subuser</span> <span class="n">rm</span> <span class="o">--</span><span class="n">subuser</span><span class="o">=</span><span class="n">johndoe</span><span class="p">:</span><span class="n">swift</span>
</pre></div>
</div>
<p>其它可选操作：</p>
<ul class="simple">
<li><p><strong>清除数据：</strong> 加 <code class="docutils literal notranslate"><span class="pre">--purge-data</span></code> 选项可清除与此 UID 相关的所有数据。</p></li>
<li><p><strong>清除密钥：</strong> 加 <code class="docutils literal notranslate"><span class="pre">--purge-keys</span></code> 选项可清除与此 UID 相关的所有密钥。</p></li>
</ul>
</div>
<div class="section" id="id9">
<h3>删除子用户<a class="headerlink" href="#id9" title="Permalink to this headline">¶</a></h3>
<p>你删除子用户的同时，也失去了 Swift 接口的访问方式，但是这个用户还在系统中存在。要删除子用户，可指定 <code class="docutils literal notranslate"><span class="pre">subuser</span> <span class="pre">rm</span></code> 及子用户
ID ：</p>
<div class="highlight-default notranslate"><div class="highlight"><pre><span></span><span class="n">radosgw</span><span class="o">-</span><span class="n">admin</span> <span class="n">subuser</span> <span class="n">rm</span> <span class="o">--</span><span class="n">subuser</span><span class="o">=</span><span class="n">johndoe</span><span class="p">:</span><span class="n">swift</span>
</pre></div>
</div>
<p>其它可选操作：</p>
<ul class="simple">
<li><p><strong>清除密钥：</strong> 加 <code class="docutils literal notranslate"><span class="pre">--purge-keys</span></code> 选项可清除与此 UID 相关的所有密钥。</p></li>
</ul>
</div>
<div class="section" id="id10">
<h3>增加、删除密钥<a class="headerlink" href="#id10" title="Permalink to this headline">¶</a></h3>
<p>用户和子用户都必须有密钥才能访问 S3 或 Swift 接口。用 S3 访问时，用户需要一个由访问密钥和私钥组成的密钥对；而用 Swift 访问时，通常只需要一个私钥（密码），并且要和相关的用户 ID 一起用才行。你可以创建密钥，并指定或生成访问密钥和/或私钥；也可以删除密钥。相关选项有：</p>
<ul class="simple">
<li><p><code class="docutils literal notranslate"><span class="pre">--key-type=&lt;type&gt;</span></code> 指定密钥类型，选项有： s3 、 swift ；</p></li>
<li><p><code class="docutils literal notranslate"><span class="pre">--access-key=&lt;key&gt;</span></code> 手动指定 S3 的访问密钥；</p></li>
<li><p><code class="docutils literal notranslate"><span class="pre">--secret-key=&lt;key&gt;</span></code> 手动指定 S3 私钥或者 Swift 私钥；</p></li>
<li><p><code class="docutils literal notranslate"><span class="pre">--gen-access-key</span></code> 自动生成随机的 S3 访问密钥；</p></li>
<li><p><code class="docutils literal notranslate"><span class="pre">--gen-secret</span></code> 自动生成一个随机的 S3 私钥或随机的 Swift 私钥。</p></li>
</ul>
<p>给用户人为指定 S3 密钥对的实例如下：</p>
<div class="highlight-default notranslate"><div class="highlight"><pre><span></span><span class="n">radosgw</span><span class="o">-</span><span class="n">admin</span> <span class="n">key</span> <span class="n">create</span> <span class="o">--</span><span class="n">uid</span><span class="o">=</span><span class="n">foo</span> <span class="o">--</span><span class="n">key</span><span class="o">-</span><span class="nb">type</span><span class="o">=</span><span class="n">s3</span> <span class="o">--</span><span class="n">access</span><span class="o">-</span><span class="n">key</span> <span class="n">fooAccessKey</span> <span class="o">--</span><span class="n">secret</span><span class="o">-</span><span class="n">key</span> <span class="n">fooSecretKey</span>
</pre></div>
</div>
<div class="highlight-javascript notranslate"><div class="highlight"><pre><span></span><span class="p">{</span> <span class="s2">&quot;user_id&quot;</span><span class="o">:</span> <span class="s2">&quot;foo&quot;</span><span class="p">,</span>
  <span class="s2">&quot;rados_uid&quot;</span><span class="o">:</span> <span class="mf">0</span><span class="p">,</span>
  <span class="s2">&quot;display_name&quot;</span><span class="o">:</span> <span class="s2">&quot;foo&quot;</span><span class="p">,</span>
  <span class="s2">&quot;email&quot;</span><span class="o">:</span> <span class="s2">&quot;foo@example.com&quot;</span><span class="p">,</span>
  <span class="s2">&quot;suspended&quot;</span><span class="o">:</span> <span class="mf">0</span><span class="p">,</span>
  <span class="s2">&quot;keys&quot;</span><span class="o">:</span> <span class="p">[</span>
    <span class="p">{</span> <span class="s2">&quot;user&quot;</span><span class="o">:</span> <span class="s2">&quot;foo&quot;</span><span class="p">,</span>
      <span class="s2">&quot;access_key&quot;</span><span class="o">:</span> <span class="s2">&quot;fooAccessKey&quot;</span><span class="p">,</span>
      <span class="s2">&quot;secret_key&quot;</span><span class="o">:</span> <span class="s2">&quot;fooSecretKey&quot;</span><span class="p">}],</span>
<span class="p">}</span>
</pre></div>
</div>
<p>请注意，你可以给一个用户创建多个 S3 密钥对。</p>
<p>给一个子用户配置指定的 swift 私钥：</p>
<div class="highlight-default notranslate"><div class="highlight"><pre><span></span><span class="n">radosgw</span><span class="o">-</span><span class="n">admin</span> <span class="n">key</span> <span class="n">create</span> <span class="o">--</span><span class="n">subuser</span><span class="o">=</span><span class="n">foo</span><span class="p">:</span><span class="n">bar</span> <span class="o">--</span><span class="n">key</span><span class="o">-</span><span class="nb">type</span><span class="o">=</span><span class="n">swift</span> <span class="o">--</span><span class="n">secret</span><span class="o">-</span><span class="n">key</span> <span class="n">barSecret</span>
</pre></div>
</div>
<div class="highlight-javascript notranslate"><div class="highlight"><pre><span></span><span class="p">{</span> <span class="s2">&quot;user_id&quot;</span><span class="o">:</span> <span class="s2">&quot;foo&quot;</span><span class="p">,</span>
  <span class="s2">&quot;rados_uid&quot;</span><span class="o">:</span> <span class="mf">0</span><span class="p">,</span>
  <span class="s2">&quot;display_name&quot;</span><span class="o">:</span> <span class="s2">&quot;foo&quot;</span><span class="p">,</span>
  <span class="s2">&quot;email&quot;</span><span class="o">:</span> <span class="s2">&quot;foo@example.com&quot;</span><span class="p">,</span>
  <span class="s2">&quot;suspended&quot;</span><span class="o">:</span> <span class="mf">0</span><span class="p">,</span>
  <span class="s2">&quot;subusers&quot;</span><span class="o">:</span> <span class="p">[</span>
     <span class="p">{</span> <span class="s2">&quot;id&quot;</span><span class="o">:</span> <span class="s2">&quot;foo:bar&quot;</span><span class="p">,</span>
       <span class="s2">&quot;permissions&quot;</span><span class="o">:</span> <span class="s2">&quot;full-control&quot;</span><span class="p">}],</span>
  <span class="s2">&quot;swift_keys&quot;</span><span class="o">:</span> <span class="p">[</span>
    <span class="p">{</span> <span class="s2">&quot;user&quot;</span><span class="o">:</span> <span class="s2">&quot;foo:bar&quot;</span><span class="p">,</span>
      <span class="s2">&quot;secret_key&quot;</span><span class="o">:</span> <span class="s2">&quot;asfghjghghmgm&quot;</span><span class="p">}]}</span>
</pre></div>
</div>
<p>请注意，一个子用户只能有一个 swift 私钥。</p>
<p>如果将子用户与 S3 密钥对关联，那么这些子用户也能用于 S3 API:</p>
<div class="highlight-default notranslate"><div class="highlight"><pre><span></span><span class="n">radosgw</span><span class="o">-</span><span class="n">admin</span> <span class="n">key</span> <span class="n">create</span> <span class="o">--</span><span class="n">subuser</span><span class="o">=</span><span class="n">foo</span><span class="p">:</span><span class="n">bar</span> <span class="o">--</span><span class="n">key</span><span class="o">-</span><span class="nb">type</span><span class="o">=</span><span class="n">s3</span> <span class="o">--</span><span class="n">access</span><span class="o">-</span><span class="n">key</span> <span class="n">barAccessKey</span> <span class="o">--</span><span class="n">secret</span><span class="o">-</span><span class="n">key</span> <span class="n">barSecretKey</span>
</pre></div>
</div>
<div class="highlight-javascript notranslate"><div class="highlight"><pre><span></span><span class="p">{</span> <span class="s2">&quot;user_id&quot;</span><span class="o">:</span> <span class="s2">&quot;foo&quot;</span><span class="p">,</span>
  <span class="s2">&quot;rados_uid&quot;</span><span class="o">:</span> <span class="mf">0</span><span class="p">,</span>
  <span class="s2">&quot;display_name&quot;</span><span class="o">:</span> <span class="s2">&quot;foo&quot;</span><span class="p">,</span>
  <span class="s2">&quot;email&quot;</span><span class="o">:</span> <span class="s2">&quot;foo@example.com&quot;</span><span class="p">,</span>
  <span class="s2">&quot;suspended&quot;</span><span class="o">:</span> <span class="mf">0</span><span class="p">,</span>
  <span class="s2">&quot;subusers&quot;</span><span class="o">:</span> <span class="p">[</span>
     <span class="p">{</span> <span class="s2">&quot;id&quot;</span><span class="o">:</span> <span class="s2">&quot;foo:bar&quot;</span><span class="p">,</span>
       <span class="s2">&quot;permissions&quot;</span><span class="o">:</span> <span class="s2">&quot;full-control&quot;</span><span class="p">}],</span>
  <span class="s2">&quot;keys&quot;</span><span class="o">:</span> <span class="p">[</span>
    <span class="p">{</span> <span class="s2">&quot;user&quot;</span><span class="o">:</span> <span class="s2">&quot;foo:bar&quot;</span><span class="p">,</span>
      <span class="s2">&quot;access_key&quot;</span><span class="o">:</span> <span class="s2">&quot;barAccessKey&quot;</span><span class="p">,</span>
      <span class="s2">&quot;secret_key&quot;</span><span class="o">:</span> <span class="s2">&quot;barSecretKey&quot;</span><span class="p">}],</span>
<span class="p">}</span>
</pre></div>
</div>
<p>要删除一个 S3 密钥对，需指定访问密钥。</p>
<div class="highlight-default notranslate"><div class="highlight"><pre><span></span><span class="n">radosgw</span><span class="o">-</span><span class="n">admin</span> <span class="n">key</span> <span class="n">rm</span> <span class="o">--</span><span class="n">uid</span><span class="o">=</span><span class="n">foo</span> <span class="o">--</span><span class="n">key</span><span class="o">-</span><span class="nb">type</span><span class="o">=</span><span class="n">s3</span> <span class="o">--</span><span class="n">access</span><span class="o">-</span><span class="n">key</span><span class="o">=</span><span class="n">fooAccessKey</span>
</pre></div>
</div>
<p>删除 swift 私钥。</p>
<div class="highlight-default notranslate"><div class="highlight"><pre><span></span><span class="n">radosgw</span><span class="o">-</span><span class="n">admin</span> <span class="n">key</span> <span class="n">rm</span> <span class="o">--</span><span class="n">subuser</span><span class="o">=</span><span class="n">foo</span><span class="p">:</span><span class="n">bar</span> <span class="o">--</span><span class="n">key</span><span class="o">-</span><span class="nb">type</span><span class="o">=</span><span class="n">swift</span>
</pre></div>
</div>
</div>
<div class="section" id="id11">
<h3>增加、删除管理能力<a class="headerlink" href="#id11" title="Permalink to this headline">¶</a></h3>
<p>Ceph 存储集群提供了一个管理 API ，用户可以通过 REST API 使用管理功能。默认情况下，用户<strong>无权</strong>访问这个 API ，给用户分配管理能力后，他才能使用管理功能。</p>
<p>要给用户分配管理能力，执行下面的：</p>
<div class="highlight-default notranslate"><div class="highlight"><pre><span></span><span class="n">radosgw</span><span class="o">-</span><span class="n">admin</span> <span class="n">caps</span> <span class="n">add</span> <span class="o">--</span><span class="n">uid</span><span class="o">=</span><span class="p">{</span><span class="n">uid</span><span class="p">}</span> <span class="o">--</span><span class="n">caps</span><span class="o">=</span><span class="p">{</span><span class="n">caps</span><span class="p">}</span>
</pre></div>
</div>
<p>你可以给 users 、 buckets 、 metadata 和 usage （利用率）分配
read 、 write 或 all 能力，例如：</p>
<div class="highlight-default notranslate"><div class="highlight"><pre><span></span><span class="o">--</span><span class="n">caps</span><span class="o">=</span><span class="s2">&quot;[users|buckets|metadata|usage|zone]=[*|read|write|read, write]&quot;</span>
</pre></div>
</div>
<p>例如：</p>
<div class="highlight-default notranslate"><div class="highlight"><pre><span></span><span class="n">radosgw</span><span class="o">-</span><span class="n">admin</span> <span class="n">caps</span> <span class="n">add</span> <span class="o">--</span><span class="n">uid</span><span class="o">=</span><span class="n">johndoe</span> <span class="o">--</span><span class="n">caps</span><span class="o">=</span><span class="s2">&quot;users=*;buckets=*&quot;</span>
</pre></div>
</div>
<p>要删除某用户的管理能力，可用下面的命令：</p>
<div class="highlight-default notranslate"><div class="highlight"><pre><span></span><span class="n">radosgw</span><span class="o">-</span><span class="n">admin</span> <span class="n">caps</span> <span class="n">rm</span> <span class="o">--</span><span class="n">uid</span><span class="o">=</span><span class="n">johndoe</span> <span class="o">--</span><span class="n">caps</span><span class="o">=</span><span class="p">{</span><span class="n">caps</span><span class="p">}</span>
</pre></div>
</div>
</div>
</div>
<div class="section" id="id12">
<h2>配额管理<a class="headerlink" href="#id12" title="Permalink to this headline">¶</a></h2>
<p>Ceph 对象网关允许你给用户及其拥有的桶设置配额，可设置的配额有桶内的最大对象数、和桶可以存储的最大数据尺寸。</p>
<ul class="simple">
<li><p><strong>桶：</strong> 加 <code class="docutils literal notranslate"><span class="pre">--bucket</span></code> 选项说明配额操作作用于用户拥有的桶。</p></li>
<li><p><strong>最大对象数：</strong> <code class="docutils literal notranslate"><span class="pre">--max-objects</span></code> 选项用于指定最大对象数，负值表示禁用此配置。</p></li>
<li><p><strong>最大尺寸：</strong> <code class="docutils literal notranslate"><span class="pre">--max-size</span></code> 选项用于指定配额尺寸，单位是 B/K/M/G/T ，默认值为 B 。负值表示禁用此配置。</p></li>
<li><p><strong>配额作用域：</strong> <code class="docutils literal notranslate"><span class="pre">--quota-scope</span></code> 参数可指定配额的作用域，可选的有 <code class="docutils literal notranslate"><span class="pre">bucket</span></code> 和 <code class="docutils literal notranslate"><span class="pre">user</span></code> 。桶配额作用于用户拥有的桶；用户配额作用于用户。</p></li>
</ul>
<div class="section" id="id13">
<h3>设置用户配额<a class="headerlink" href="#id13" title="Permalink to this headline">¶</a></h3>
<p>启用配额前，必须先配置配额参数。例如：</p>
<div class="highlight-default notranslate"><div class="highlight"><pre><span></span><span class="n">radosgw</span><span class="o">-</span><span class="n">admin</span> <span class="n">quota</span> <span class="nb">set</span> <span class="o">--</span><span class="n">quota</span><span class="o">-</span><span class="n">scope</span><span class="o">=</span><span class="n">user</span> <span class="o">--</span><span class="n">uid</span><span class="o">=&lt;</span><span class="n">uid</span><span class="o">&gt;</span> <span class="p">[</span><span class="o">--</span><span class="nb">max</span><span class="o">-</span><span class="n">objects</span><span class="o">=&lt;</span><span class="n">num</span> <span class="n">objects</span><span class="o">&gt;</span><span class="p">]</span> <span class="p">[</span><span class="o">--</span><span class="nb">max</span><span class="o">-</span><span class="n">size</span><span class="o">=&lt;</span><span class="nb">max</span> <span class="n">size</span><span class="o">&gt;</span><span class="p">]</span>
</pre></div>
</div>
<p>例如：</p>
<div class="highlight-default notranslate"><div class="highlight"><pre><span></span><span class="n">radosgw</span><span class="o">-</span><span class="n">admin</span> <span class="n">quota</span> <span class="nb">set</span> <span class="o">--</span><span class="n">quota</span><span class="o">-</span><span class="n">scope</span><span class="o">=</span><span class="n">user</span> <span class="o">--</span><span class="n">uid</span><span class="o">=</span><span class="n">johndoe</span> <span class="o">--</span><span class="nb">max</span><span class="o">-</span><span class="n">objects</span><span class="o">=</span><span class="mi">1024</span> <span class="o">--</span><span class="nb">max</span><span class="o">-</span><span class="n">size</span><span class="o">=</span><span class="mi">1024</span><span class="n">B</span>
</pre></div>
</div>
<p>对象数和、或最大尺寸为负值时，表示不再检查这种配额属性。</p>
</div>
<div class="section" id="id14">
<h3>启用或禁用用户配额<a class="headerlink" href="#id14" title="Permalink to this headline">¶</a></h3>
<p>设置好用户配额后就可以启用了。例如：</p>
<div class="highlight-default notranslate"><div class="highlight"><pre><span></span><span class="n">radosgw</span><span class="o">-</span><span class="n">admin</span> <span class="n">quota</span> <span class="n">enable</span> <span class="o">--</span><span class="n">quota</span><span class="o">-</span><span class="n">scope</span><span class="o">=</span><span class="n">user</span> <span class="o">--</span><span class="n">uid</span><span class="o">=&lt;</span><span class="n">uid</span><span class="o">&gt;</span>
</pre></div>
</div>
<p>你也可以关闭已启用的用户配额功能。例如：</p>
<div class="highlight-default notranslate"><div class="highlight"><pre><span></span><span class="n">radosgw</span><span class="o">-</span><span class="n">admin</span> <span class="n">quota</span> <span class="n">disable</span> <span class="o">--</span><span class="n">quota</span><span class="o">-</span><span class="n">scope</span><span class="o">=</span><span class="n">user</span> <span class="o">--</span><span class="n">uid</span><span class="o">=&lt;</span><span class="n">uid</span><span class="o">&gt;</span>
</pre></div>
</div>
</div>
<div class="section" id="id15">
<h3>设置桶配额<a class="headerlink" href="#id15" title="Permalink to this headline">¶</a></h3>
<p>Bucket quotas apply to the buckets owned by the specified <code class="docutils literal notranslate"><span class="pre">uid</span></code>. They are
independent of the user.</p>
<div class="highlight-default notranslate"><div class="highlight"><pre><span></span><span class="n">radosgw</span><span class="o">-</span><span class="n">admin</span> <span class="n">quota</span> <span class="nb">set</span> <span class="o">--</span><span class="n">uid</span><span class="o">=&lt;</span><span class="n">uid</span><span class="o">&gt;</span> <span class="o">--</span><span class="n">quota</span><span class="o">-</span><span class="n">scope</span><span class="o">=</span><span class="n">bucket</span> <span class="p">[</span><span class="o">--</span><span class="nb">max</span><span class="o">-</span><span class="n">objects</span><span class="o">=&lt;</span><span class="n">num</span> <span class="n">objects</span><span class="o">&gt;</span><span class="p">]</span> <span class="p">[</span><span class="o">--</span><span class="nb">max</span><span class="o">-</span><span class="n">size</span><span class="o">=&lt;</span><span class="nb">max</span> <span class="n">size</span><span class="p">]</span>
</pre></div>
</div>
<p>A negative value for num objects and / or max size means that the
specific quota attribute check is disabled.</p>
</div>
<div class="section" id="id16">
<h3>启用、禁用桶配额<a class="headerlink" href="#id16" title="Permalink to this headline">¶</a></h3>
<p>设置好桶配额后，你可以这样启用：</p>
<div class="highlight-default notranslate"><div class="highlight"><pre><span></span><span class="n">radosgw</span><span class="o">-</span><span class="n">admin</span> <span class="n">quota</span> <span class="n">enable</span> <span class="o">--</span><span class="n">quota</span><span class="o">-</span><span class="n">scope</span><span class="o">=</span><span class="n">bucket</span> <span class="o">--</span><span class="n">uid</span><span class="o">=&lt;</span><span class="n">uid</span><span class="o">&gt;</span>
</pre></div>
</div>
<p>已启用的桶配额可禁用。例如：</p>
<div class="highlight-default notranslate"><div class="highlight"><pre><span></span><span class="n">radosgw</span><span class="o">-</span><span class="n">admin</span> <span class="n">quota</span> <span class="n">disable</span> <span class="o">--</span><span class="n">quota</span><span class="o">-</span><span class="n">scope</span><span class="o">=</span><span class="n">bucket</span> <span class="o">--</span><span class="n">uid</span><span class="o">=&lt;</span><span class="n">uid</span><span class="o">&gt;</span>
</pre></div>
</div>
</div>
<div class="section" id="id17">
<h3>查看配额配置信息<a class="headerlink" href="#id17" title="Permalink to this headline">¶</a></h3>
<p>You may access each user’s quota settings via the user information
API. To read user quota setting information with the CLI interface,
execute the following:</p>
<div class="highlight-default notranslate"><div class="highlight"><pre><span></span><span class="n">radosgw</span><span class="o">-</span><span class="n">admin</span> <span class="n">user</span> <span class="n">info</span> <span class="o">--</span><span class="n">uid</span><span class="o">=&lt;</span><span class="n">uid</span><span class="o">&gt;</span>
</pre></div>
</div>
</div>
<div class="section" id="id18">
<h3>更新配额统计信息<a class="headerlink" href="#id18" title="Permalink to this headline">¶</a></h3>
<p>Quota stats get updated asynchronously. You can update quota
statistics for all users and all buckets manually to retrieve
the latest quota stats.</p>
<div class="highlight-default notranslate"><div class="highlight"><pre><span></span><span class="n">radosgw</span><span class="o">-</span><span class="n">admin</span> <span class="n">user</span> <span class="n">stats</span> <span class="o">--</span><span class="n">uid</span><span class="o">=&lt;</span><span class="n">uid</span><span class="o">&gt;</span> <span class="o">--</span><span class="n">sync</span><span class="o">-</span><span class="n">stats</span>
</pre></div>
</div>
</div>
<div class="section" id="rgw-user-usage-stats">
<span id="id19"></span><h3>查看用户使用情况的统计信息<a class="headerlink" href="#rgw-user-usage-stats" title="Permalink to this headline">¶</a></h3>
<p>查看用户已经消耗了多少配额可以用下列命令：</p>
<div class="highlight-default notranslate"><div class="highlight"><pre><span></span><span class="n">radosgw</span><span class="o">-</span><span class="n">admin</span> <span class="n">user</span> <span class="n">stats</span> <span class="o">--</span><span class="n">uid</span><span class="o">=&lt;</span><span class="n">uid</span><span class="o">&gt;</span>
</pre></div>
</div>
<div class="admonition note">
<p class="admonition-title">Note</p>
<p>你可以用 <code class="docutils literal notranslate"><span class="pre">radosgw-admin</span> <span class="pre">user</span> <span class="pre">stats</span></code> 命令，加上
<code class="docutils literal notranslate"><span class="pre">--sync-stats</span></code> 选项来获取最新数据。</p>
</div>
</div>
<div class="section" id="id20">
<h3>默认配额<a class="headerlink" href="#id20" title="Permalink to this headline">¶</a></h3>
<p>你可以在配置文件里设置默认配额，新增用户会采用这些默认值，而已经存在的用户不受影响。如果相关的默认配额是写在配置文件里的，那么这些配额会分配给新用户，并对其启用配额管理功能。请参考
<a class="reference external" href="../config-ref/">Ceph 对象网关配置参考</a>里的 <code class="docutils literal notranslate"><span class="pre">rgw</span> <span class="pre">bucket</span> <span class="pre">default</span> <span class="pre">quota</span> <span class="pre">max</span> <span class="pre">objects</span></code> 、
<code class="docutils literal notranslate"><span class="pre">rgw</span> <span class="pre">bucket</span> <span class="pre">default</span> <span class="pre">quota</span> <span class="pre">max</span> <span class="pre">size</span></code> 、 <code class="docutils literal notranslate"><span class="pre">rgw</span> <span class="pre">user</span> <span class="pre">default</span> <span class="pre">quota</span> <span class="pre">max</span> <span class="pre">objects</span></code>
和 <code class="docutils literal notranslate"><span class="pre">rgw</span> <span class="pre">user</span> <span class="pre">default</span> <span class="pre">quota</span> <span class="pre">max</span> <span class="pre">size</span></code> 。</p>
</div>
<div class="section" id="id21">
<h3>配额缓存<a class="headerlink" href="#id21" title="Permalink to this headline">¶</a></h3>
<p>配额统计信息缓存在各个 RGW 例程内。如果有多个例程，这些缓存就会妨碍配额的完整施行，因为各例程将持有不同的配额信息。控制这些的选项有 <code class="docutils literal notranslate"><span class="pre">rgw</span> <span class="pre">bucket</span> <span class="pre">quota</span> <span class="pre">ttl</span></code> 、
<code class="docutils literal notranslate"><span class="pre">rgw</span> <span class="pre">user</span> <span class="pre">quota</span> <span class="pre">bucket</span> <span class="pre">sync</span> <span class="pre">interval</span></code> 和
<code class="docutils literal notranslate"><span class="pre">rgw</span> <span class="pre">user</span> <span class="pre">quota</span> <span class="pre">sync</span> <span class="pre">interval</span></code> 。这些值设置得越高，配额操作越高效，但是多个例程也会变得更不同步；这些值设置得越低，多个例程就越接近完整地施行配额。如果三者都是 0 ，那就意味着配额缓存被禁用了，这样多个例程就会完整地施行配额。请参考<a class="reference external" href="../config-ref/">Ceph 对象网关配置参考</a>。</p>
</div>
<div class="section" id="id22">
<h3>读取、写入全局配额<a class="headerlink" href="#id22" title="Permalink to this headline">¶</a></h3>
<p>你可以在 period 配置中读取或写入全局配额设置，查看全局配额配置可以用：</p>
<div class="highlight-default notranslate"><div class="highlight"><pre><span></span><span class="n">radosgw</span><span class="o">-</span><span class="n">admin</span> <span class="k">global</span> <span class="n">quota</span> <span class="n">get</span>
</pre></div>
</div>
<p>全局配额选项可以用 <code class="docutils literal notranslate"><span class="pre">global</span> <span class="pre">quota</span></code> 系列命令修改，如
<code class="docutils literal notranslate"><span class="pre">quota</span> <span class="pre">set</span></code> 、 <code class="docutils literal notranslate"><span class="pre">quota</span> <span class="pre">enable</span></code> 和 <code class="docutils literal notranslate"><span class="pre">quota</span> <span class="pre">disable</span></code> 命令。</p>
<div class="highlight-default notranslate"><div class="highlight"><pre><span></span><span class="n">radosgw</span><span class="o">-</span><span class="n">admin</span> <span class="k">global</span> <span class="n">quota</span> <span class="nb">set</span> <span class="o">--</span><span class="n">quota</span><span class="o">-</span><span class="n">scope</span> <span class="n">bucket</span> <span class="o">--</span><span class="nb">max</span><span class="o">-</span><span class="n">objects</span> <span class="mi">1024</span>
<span class="n">radosgw</span><span class="o">-</span><span class="n">admin</span> <span class="k">global</span> <span class="n">quota</span> <span class="n">enable</span> <span class="o">--</span><span class="n">quota</span><span class="o">-</span><span class="n">scope</span> <span class="n">bucket</span>
</pre></div>
</div>
<div class="admonition note">
<p class="admonition-title">Note</p>
<p>多站配置方案中有 realm 和 period ，改变全局配额后，必须用 <code class="docutils literal notranslate"><span class="pre">period</span> <span class="pre">update</span> <span class="pre">--commit</span></code> 提交变更。如果压根没有
period ，必须重启网关，以使变更生效。</p>
</div>
</div>
</div>
<div class="section" id="rate-limit-management">
<h2>Rate Limit Management<a class="headerlink" href="#rate-limit-management" title="Permalink to this headline">¶</a></h2>
<p>The Ceph Object Gateway enables you to set rate limits on users and buckets.
Rate limit includes the maximum number of read ops and write ops per minute
and how many bytes per minute could be written or read per user or per bucket.
Requests that are using GET or HEAD method in the REST request are considered as “read requests”, otherwise they are considered as “write requests”.
Every Object Gateway tracks per user and bucket metrics separately, these metrics are not shared with other gateways.
That means that the desired limits configured should be divide by the number of active Object Gateways.
例如, if userA should be limited by 10 ops per minute and there are 2 Object Gateways in the cluster,
the limit over userA should be 5 (10 ops per minute / 2 RGWs).
if the requests are <code class="docutils literal notranslate"><span class="pre">not</span></code> balanced between RGWs, the rate limit may be underutilized.
例如, if the ops limit is 5 and there are 2 RGWs, <code class="docutils literal notranslate"><span class="pre">but</span></code> the Load Balancer send load only to one of those RGWs,
The effective limit would be 5 ops, because this limit is enforced per RGW.
If there is a limit reached for bucket not for user or vice versa the request would be cancelled as well.
The bandwidth counting happens after the request is being accepted, as a result, even if in the middle of the request the bucket/user has reached its bandwidth limit this request will proceed.
The RGW will keep a “debt” of used bytes more than the configured value and will prevent this user/bucket from sending more requests until there “debt” is being paid.
The “debt” maximum size is twice the max-read/write-bytes per minute.
If userA has 1 byte read limit per minute and this user tries to GET 1 GB object, the user will be able to do it.
After userA completes this 1GB operation, the RGW will block the user request for up to 2 minutes until userA will be able to send GET request again.</p>
<ul class="simple">
<li><p><strong>Bucket:</strong> The <code class="docutils literal notranslate"><span class="pre">--bucket</span></code> option allows you to specify a rate limit for a
bucket.</p></li>
<li><p><strong>User:</strong> The <code class="docutils literal notranslate"><span class="pre">--uid</span></code> option allows you to specify a rate limit for a
user.</p></li>
<li><p><strong>Maximum Read Ops:</strong> The <code class="docutils literal notranslate"><span class="pre">--max-read-ops</span></code> setting allows you to specify
the maximum number of read ops per minute per RGW. A 0 value disables this setting (which means unlimited access).</p></li>
<li><p><strong>Maximum Read Bytes:</strong> The <code class="docutils literal notranslate"><span class="pre">--max-read-bytes</span></code> setting allows you to specify
the maximum number of read bytes per minute per RGW. A 0 value disables this setting (which means unlimited access).</p></li>
<li><p><strong>Maximum Write Ops:</strong> The <code class="docutils literal notranslate"><span class="pre">--max-write-ops</span></code> setting allows you to specify
the maximum number of write ops per minute per RGW. A 0 value disables this setting (which means unlimited access).</p></li>
<li><p><strong>Maximum Write Bytes:</strong> The <code class="docutils literal notranslate"><span class="pre">--max-write-bytes</span></code> setting allows you to specify
the maximum number of write bytes per minute per RGW. A 0 value disables this setting (which means unlimited access).</p></li>
<li><p><strong>Rate Limit Scope:</strong> The <code class="docutils literal notranslate"><span class="pre">--ratelimit-scope</span></code> option sets the scope for the rate limit.
The options are <code class="docutils literal notranslate"><span class="pre">bucket</span></code> , <code class="docutils literal notranslate"><span class="pre">user</span></code> and <code class="docutils literal notranslate"><span class="pre">anonymous</span></code>. Bucket rate limit apply to buckets.
The user rate limit applies to a user. Anonymous applies to an unauthenticated user.
Anonymous scope is only available for global rate limit.</p></li>
</ul>
<div class="section" id="set-user-rate-limit">
<h3>Set User Rate Limit<a class="headerlink" href="#set-user-rate-limit" title="Permalink to this headline">¶</a></h3>
<p>Before you enable a rate limit, you must first set the rate limit parameters.
例如:</p>
<div class="highlight-default notranslate"><div class="highlight"><pre><span></span>      <span class="n">radosgw</span><span class="o">-</span><span class="n">admin</span> <span class="n">ratelimit</span> <span class="nb">set</span> <span class="o">--</span><span class="n">ratelimit</span><span class="o">-</span><span class="n">scope</span><span class="o">=</span><span class="n">user</span> <span class="o">--</span><span class="n">uid</span><span class="o">=&lt;</span><span class="n">uid</span><span class="o">&gt;</span> <span class="o">&lt;</span><span class="p">[</span><span class="o">--</span><span class="nb">max</span><span class="o">-</span><span class="n">read</span><span class="o">-</span><span class="n">ops</span><span class="o">=&lt;</span><span class="n">num</span> <span class="n">ops</span><span class="o">&gt;</span><span class="p">]</span> <span class="p">[</span><span class="o">--</span><span class="nb">max</span><span class="o">-</span><span class="n">read</span><span class="o">-</span><span class="nb">bytes</span><span class="o">=&lt;</span><span class="n">num</span> <span class="nb">bytes</span><span class="o">&gt;</span><span class="p">]</span>
<span class="p">[</span><span class="o">--</span><span class="nb">max</span><span class="o">-</span><span class="n">write</span><span class="o">-</span><span class="n">ops</span><span class="o">=&lt;</span><span class="n">num</span> <span class="n">ops</span><span class="o">&gt;</span><span class="p">]</span> <span class="p">[</span><span class="o">--</span><span class="nb">max</span><span class="o">-</span><span class="n">write</span><span class="o">-</span><span class="nb">bytes</span><span class="o">=&lt;</span><span class="n">num</span> <span class="nb">bytes</span><span class="o">&gt;</span><span class="p">]</span><span class="o">&gt;</span>
</pre></div>
</div>
<p>例如:</p>
<div class="highlight-default notranslate"><div class="highlight"><pre><span></span><span class="n">radosgw</span><span class="o">-</span><span class="n">admin</span> <span class="n">ratelimit</span> <span class="nb">set</span> <span class="o">--</span><span class="n">ratelimit</span><span class="o">-</span><span class="n">scope</span><span class="o">=</span><span class="n">user</span> <span class="o">--</span><span class="n">uid</span><span class="o">=</span><span class="n">johndoe</span> <span class="o">--</span><span class="nb">max</span><span class="o">-</span><span class="n">read</span><span class="o">-</span><span class="n">ops</span><span class="o">=</span><span class="mi">1024</span> <span class="o">--</span><span class="nb">max</span><span class="o">-</span><span class="n">write</span><span class="o">-</span><span class="nb">bytes</span><span class="o">=</span><span class="mi">10240</span>
</pre></div>
</div>
<p>A 0 value for num ops and / or num bytes means that the
specific rate limit attribute check is disabled.</p>
</div>
<div class="section" id="get-user-rate-limit">
<h3>Get User Rate Limit<a class="headerlink" href="#get-user-rate-limit" title="Permalink to this headline">¶</a></h3>
<p>Get the current configured rate limit parameters
例如:</p>
<div class="highlight-default notranslate"><div class="highlight"><pre><span></span><span class="n">radosgw</span><span class="o">-</span><span class="n">admin</span> <span class="n">ratelimit</span> <span class="n">get</span> <span class="o">--</span><span class="n">ratelimit</span><span class="o">-</span><span class="n">scope</span><span class="o">=</span><span class="n">user</span> <span class="o">--</span><span class="n">uid</span><span class="o">=&lt;</span><span class="n">uid</span><span class="o">&gt;</span>
</pre></div>
</div>
<p>例如:</p>
<div class="highlight-default notranslate"><div class="highlight"><pre><span></span><span class="n">radosgw</span><span class="o">-</span><span class="n">admin</span> <span class="n">ratelimit</span> <span class="n">get</span> <span class="o">--</span><span class="n">ratelimit</span><span class="o">-</span><span class="n">scope</span><span class="o">=</span><span class="n">user</span> <span class="o">--</span><span class="n">uid</span><span class="o">=</span><span class="n">johndoe</span>
</pre></div>
</div>
<p>A 0 value for num ops and / or num bytes means that the
specific rate limit attribute check is disabled.</p>
</div>
<div class="section" id="enable-disable-user-rate-limit">
<h3>Enable/Disable User Rate Limit<a class="headerlink" href="#enable-disable-user-rate-limit" title="Permalink to this headline">¶</a></h3>
<p>Once you set a user rate limit, you may enable it. 例如:</p>
<div class="highlight-default notranslate"><div class="highlight"><pre><span></span><span class="n">radosgw</span><span class="o">-</span><span class="n">admin</span> <span class="n">ratelimit</span> <span class="n">enable</span> <span class="o">--</span><span class="n">ratelimit</span><span class="o">-</span><span class="n">scope</span><span class="o">=</span><span class="n">user</span> <span class="o">--</span><span class="n">uid</span><span class="o">=&lt;</span><span class="n">uid</span><span class="o">&gt;</span>
</pre></div>
</div>
<p>You may disable an enabled user rate limit. 例如:</p>
<div class="highlight-default notranslate"><div class="highlight"><pre><span></span><span class="n">radosgw</span><span class="o">-</span><span class="n">admin</span> <span class="n">ratelimit</span> <span class="n">disable</span> <span class="o">--</span><span class="n">ratelimit</span><span class="o">-</span><span class="n">scope</span><span class="o">=</span><span class="n">user</span> <span class="o">--</span><span class="n">uid</span><span class="o">=</span><span class="n">johndoe</span>
</pre></div>
</div>
</div>
<div class="section" id="set-bucket-rate-limit">
<h3>Set Bucket Rate Limit<a class="headerlink" href="#set-bucket-rate-limit" title="Permalink to this headline">¶</a></h3>
<p>Before you enable a rate limit, you must first set the rate limit parameters.
例如:</p>
<div class="highlight-default notranslate"><div class="highlight"><pre><span></span>      <span class="n">radosgw</span><span class="o">-</span><span class="n">admin</span> <span class="n">ratelimit</span> <span class="nb">set</span> <span class="o">--</span><span class="n">ratelimit</span><span class="o">-</span><span class="n">scope</span><span class="o">=</span><span class="n">bucket</span> <span class="o">--</span><span class="n">bucket</span><span class="o">=&lt;</span><span class="n">bucket</span><span class="o">&gt;</span> <span class="o">&lt;</span><span class="p">[</span><span class="o">--</span><span class="nb">max</span><span class="o">-</span><span class="n">read</span><span class="o">-</span><span class="n">ops</span><span class="o">=&lt;</span><span class="n">num</span> <span class="n">ops</span><span class="o">&gt;</span><span class="p">]</span> <span class="p">[</span><span class="o">--</span><span class="nb">max</span><span class="o">-</span><span class="n">read</span><span class="o">-</span><span class="nb">bytes</span><span class="o">=&lt;</span><span class="n">num</span> <span class="nb">bytes</span><span class="o">&gt;</span><span class="p">]</span>
<span class="p">[</span><span class="o">--</span><span class="nb">max</span><span class="o">-</span><span class="n">write</span><span class="o">-</span><span class="n">ops</span><span class="o">=&lt;</span><span class="n">num</span> <span class="n">ops</span><span class="o">&gt;</span><span class="p">]</span> <span class="p">[</span><span class="o">--</span><span class="nb">max</span><span class="o">-</span><span class="n">write</span><span class="o">-</span><span class="nb">bytes</span><span class="o">=&lt;</span><span class="n">num</span> <span class="nb">bytes</span><span class="o">&gt;</span><span class="p">]</span><span class="o">&gt;</span>
</pre></div>
</div>
<p>例如:</p>
<div class="highlight-default notranslate"><div class="highlight"><pre><span></span><span class="n">radosgw</span><span class="o">-</span><span class="n">admin</span> <span class="n">ratelimit</span> <span class="nb">set</span> <span class="o">--</span><span class="n">ratelimit</span><span class="o">-</span><span class="n">scope</span><span class="o">=</span><span class="n">bucket</span> <span class="o">--</span><span class="n">bucket</span><span class="o">=</span><span class="n">mybucket</span> <span class="o">--</span><span class="nb">max</span><span class="o">-</span><span class="n">read</span><span class="o">-</span><span class="n">ops</span><span class="o">=</span><span class="mi">1024</span> <span class="o">--</span><span class="nb">max</span><span class="o">-</span><span class="n">write</span><span class="o">-</span><span class="nb">bytes</span><span class="o">=</span><span class="mi">10240</span>
</pre></div>
</div>
<p>A 0 value for num ops and / or num bytes means that the
specific rate limit attribute check is disabled.</p>
</div>
<div class="section" id="get-bucket-rate-limit">
<h3>Get Bucket Rate Limit<a class="headerlink" href="#get-bucket-rate-limit" title="Permalink to this headline">¶</a></h3>
<p>Get the current configured rate limit parameters
例如:</p>
<div class="highlight-default notranslate"><div class="highlight"><pre><span></span><span class="n">radosgw</span><span class="o">-</span><span class="n">admin</span> <span class="n">ratelimit</span> <span class="nb">set</span> <span class="o">--</span><span class="n">ratelimit</span><span class="o">-</span><span class="n">scope</span><span class="o">=</span><span class="n">bucket</span> <span class="o">--</span><span class="n">bucket</span><span class="o">=&lt;</span><span class="n">bucket</span><span class="o">&gt;</span>
</pre></div>
</div>
<p>例如:</p>
<div class="highlight-default notranslate"><div class="highlight"><pre><span></span><span class="n">radosgw</span><span class="o">-</span><span class="n">admin</span> <span class="n">ratelimit</span> <span class="n">get</span> <span class="o">--</span><span class="n">ratelimit</span><span class="o">-</span><span class="n">scope</span><span class="o">=</span><span class="n">bucket</span> <span class="o">--</span><span class="n">bucket</span><span class="o">=</span><span class="n">mybucket</span>
</pre></div>
</div>
<p>A 0 value for num ops and / or num bytes means that the
specific rate limit attribute check is disabled.</p>
</div>
<div class="section" id="enable-disable-bucket-rate-limit">
<h3>Enable/Disable Bucket Rate Limit<a class="headerlink" href="#enable-disable-bucket-rate-limit" title="Permalink to this headline">¶</a></h3>
<p>Once you set a bucket rate limit, you may enable it. 例如:</p>
<div class="highlight-default notranslate"><div class="highlight"><pre><span></span><span class="n">radosgw</span><span class="o">-</span><span class="n">admin</span> <span class="n">ratelimit</span> <span class="n">enable</span> <span class="o">--</span><span class="n">ratelimit</span><span class="o">-</span><span class="n">scope</span><span class="o">=</span><span class="n">bucket</span> <span class="o">--</span><span class="n">bucket</span><span class="o">=&lt;</span><span class="n">bucket</span><span class="o">&gt;</span>
</pre></div>
</div>
<p>You may disable an enabled bucket rate limit. 例如:</p>
<div class="highlight-default notranslate"><div class="highlight"><pre><span></span><span class="n">radosgw</span><span class="o">-</span><span class="n">admin</span> <span class="n">ratelimit</span> <span class="n">disable</span> <span class="o">--</span><span class="n">ratelimit</span><span class="o">-</span><span class="n">scope</span><span class="o">=</span><span class="n">bucket</span> <span class="o">--</span><span class="n">uid</span><span class="o">=</span><span class="n">mybucket</span>
</pre></div>
</div>
</div>
<div class="section" id="reading-writing-global-rate-limit-configuration">
<h3>Reading / Writing Global Rate Limit Configuration<a class="headerlink" href="#reading-writing-global-rate-limit-configuration" title="Permalink to this headline">¶</a></h3>
<p>You can read and write global rate limit settings in the period configuration. To
view the global rate limit settings:</p>
<div class="highlight-default notranslate"><div class="highlight"><pre><span></span><span class="n">radosgw</span><span class="o">-</span><span class="n">admin</span> <span class="k">global</span> <span class="n">rate</span> <span class="n">limit</span> <span class="n">get</span>
</pre></div>
</div>
<p>The global rate limit settings can be manipulated with the <code class="docutils literal notranslate"><span class="pre">global</span> <span class="pre">ratelimit</span></code>
counterparts of the <code class="docutils literal notranslate"><span class="pre">ratelimit</span> <span class="pre">set</span></code>, <code class="docutils literal notranslate"><span class="pre">ratelimit</span> <span class="pre">enable</span></code>, and <code class="docutils literal notranslate"><span class="pre">ratelimit</span> <span class="pre">disable</span></code>
commands. Per user and per bucket ratelimit configuration is overriding the global configuration:</p>
<div class="highlight-default notranslate"><div class="highlight"><pre><span></span><span class="n">radosgw</span><span class="o">-</span><span class="n">admin</span> <span class="k">global</span> <span class="n">ratelimit</span> <span class="nb">set</span> <span class="o">--</span><span class="n">ratelimit</span><span class="o">-</span><span class="n">scope</span> <span class="n">bucket</span> <span class="o">--</span><span class="nb">max</span><span class="o">-</span><span class="n">read</span><span class="o">-</span><span class="n">ops</span><span class="o">=</span><span class="mi">1024</span>
<span class="n">radosgw</span><span class="o">-</span><span class="n">admin</span> <span class="k">global</span> <span class="n">ratelimit</span> <span class="n">enable</span> <span class="o">--</span><span class="n">ratelimit</span><span class="o">-</span><span class="n">scope</span> <span class="n">bucket</span>
</pre></div>
</div>
<p>The global rate limit can configure rate limit scope for all authenticated users:</p>
<div class="highlight-default notranslate"><div class="highlight"><pre><span></span><span class="n">radosgw</span><span class="o">-</span><span class="n">admin</span> <span class="k">global</span> <span class="n">ratelimit</span> <span class="nb">set</span> <span class="o">--</span><span class="n">ratelimit</span><span class="o">-</span><span class="n">scope</span> <span class="n">user</span> <span class="o">--</span><span class="nb">max</span><span class="o">-</span><span class="n">read</span><span class="o">-</span><span class="n">ops</span><span class="o">=</span><span class="mi">1024</span>
<span class="n">radosgw</span><span class="o">-</span><span class="n">admin</span> <span class="k">global</span> <span class="n">ratelimit</span> <span class="n">enable</span> <span class="o">--</span><span class="n">ratelimit</span><span class="o">-</span><span class="n">scope</span> <span class="n">user</span>
</pre></div>
</div>
<p>The global rate limit can configure rate limit scope for all unauthenticated users:</p>
<div class="highlight-default notranslate"><div class="highlight"><pre><span></span><span class="n">radosgw</span><span class="o">-</span><span class="n">admin</span> <span class="k">global</span> <span class="n">ratelimit</span> <span class="nb">set</span> <span class="o">--</span><span class="n">ratelimit</span><span class="o">-</span><span class="n">scope</span><span class="o">=</span><span class="n">anonymous</span> <span class="o">--</span><span class="nb">max</span><span class="o">-</span><span class="n">read</span><span class="o">-</span><span class="n">ops</span><span class="o">=</span><span class="mi">1024</span>
<span class="n">radosgw</span><span class="o">-</span><span class="n">admin</span> <span class="k">global</span> <span class="n">ratelimit</span> <span class="n">enable</span> <span class="o">--</span><span class="n">ratelimit</span><span class="o">-</span><span class="n">scope</span><span class="o">=</span><span class="n">anonymous</span>
</pre></div>
</div>
<div class="admonition note">
<p class="admonition-title">Note</p>
<p>In a multisite configuration, where there is a realm and period
present, changes to the global rate limit must be committed using <code class="docutils literal notranslate"><span class="pre">period</span>
<span class="pre">update</span> <span class="pre">--commit</span></code>. If there is no period present, the rados gateway(s) must
be restarted for the changes to take effect.</p>
</div>
</div>
</div>
<div class="section" id="id23">
<h2>使用情况<a class="headerlink" href="#id23" title="Permalink to this headline">¶</a></h2>
<p>Ceph 对象网关会记录每个用户的使用情况，你可以查看某段时间内用户的使用情况。</p>
<ul class="simple">
<li><p>需要在 ceph.conf 的 [client.rgw] 段下加
<code class="docutils literal notranslate"><span class="pre">rgw</span> <span class="pre">enable</span> <span class="pre">usage</span> <span class="pre">log</span> <span class="pre">=</span> <span class="pre">true</span></code> 配置，然后重启 radosgw 服务。</p></li>
</ul>
<p>选项有：</p>
<ul class="simple">
<li><p><strong>Start Date:</strong> The <code class="docutils literal notranslate"><span class="pre">--start-date</span></code> option allows you to filter usage
stats from a particular start date (<strong>format:</strong> <code class="docutils literal notranslate"><span class="pre">yyyy-mm-dd[HH:MM:SS]</span></code>).</p></li>
<li><p><strong>End Date:</strong> The <code class="docutils literal notranslate"><span class="pre">--end-date</span></code> option allows you to filter usage up
to a particular date (<strong>format:</strong> <code class="docutils literal notranslate"><span class="pre">yyyy-mm-dd[HH:MM:SS]</span></code>).</p></li>
<li><p><strong>Log Entries:</strong> The <code class="docutils literal notranslate"><span class="pre">--show-log-entries</span></code> option allows you to specify
whether or not to include log entries with the usage stats
(options: <code class="docutils literal notranslate"><span class="pre">true</span></code> | <code class="docutils literal notranslate"><span class="pre">false</span></code>).</p></li>
</ul>
<div class="admonition note">
<p class="admonition-title">Note</p>
<p>You may specify time with minutes and seconds, but it is stored
with 1 hour resolution.</p>
</div>
<div class="section" id="id24">
<h3>查看使用情况<a class="headerlink" href="#id24" title="Permalink to this headline">¶</a></h3>
<p>To show usage statistics, specify the <code class="docutils literal notranslate"><span class="pre">usage</span> <span class="pre">show</span></code>. To show usage for a
particular user, you must specify a user ID. You may also specify a start date,
end date, and whether or not to show log entries.:</p>
<div class="highlight-default notranslate"><div class="highlight"><pre><span></span><span class="n">radosgw</span><span class="o">-</span><span class="n">admin</span> <span class="n">usage</span> <span class="n">show</span> <span class="o">--</span><span class="n">uid</span><span class="o">=</span><span class="n">johndoe</span> <span class="o">--</span><span class="n">start</span><span class="o">-</span><span class="n">date</span><span class="o">=</span><span class="mi">2012</span><span class="o">-</span><span class="mi">03</span><span class="o">-</span><span class="mi">01</span> <span class="o">--</span><span class="n">end</span><span class="o">-</span><span class="n">date</span><span class="o">=</span><span class="mi">2012</span><span class="o">-</span><span class="mi">04</span><span class="o">-</span><span class="mi">01</span>
</pre></div>
</div>
<p>You may also show a summary of usage information for all users by omitting a user ID.</p>
<div class="highlight-default notranslate"><div class="highlight"><pre><span></span><span class="n">radosgw</span><span class="o">-</span><span class="n">admin</span> <span class="n">usage</span> <span class="n">show</span> <span class="o">--</span><span class="n">show</span><span class="o">-</span><span class="n">log</span><span class="o">-</span><span class="n">entries</span><span class="o">=</span><span class="n">false</span>
</pre></div>
</div>
</div>
<div class="section" id="id25">
<h3>清理统计日志<a class="headerlink" href="#id25" title="Permalink to this headline">¶</a></h3>
<p>With heavy use, usage logs can begin to take up storage space. You can trim
usage logs for all users and for specific users. You may also specify date
ranges for trim operations.</p>
<div class="highlight-default notranslate"><div class="highlight"><pre><span></span><span class="n">radosgw</span><span class="o">-</span><span class="n">admin</span> <span class="n">usage</span> <span class="n">trim</span> <span class="o">--</span><span class="n">start</span><span class="o">-</span><span class="n">date</span><span class="o">=</span><span class="mi">2010</span><span class="o">-</span><span class="mi">01</span><span class="o">-</span><span class="mi">01</span> <span class="o">--</span><span class="n">end</span><span class="o">-</span><span class="n">date</span><span class="o">=</span><span class="mi">2010</span><span class="o">-</span><span class="mi">12</span><span class="o">-</span><span class="mi">31</span>
<span class="n">radosgw</span><span class="o">-</span><span class="n">admin</span> <span class="n">usage</span> <span class="n">trim</span> <span class="o">--</span><span class="n">uid</span><span class="o">=</span><span class="n">johndoe</span>
<span class="n">radosgw</span><span class="o">-</span><span class="n">admin</span> <span class="n">usage</span> <span class="n">trim</span> <span class="o">--</span><span class="n">uid</span><span class="o">=</span><span class="n">johndoe</span> <span class="o">--</span><span class="n">end</span><span class="o">-</span><span class="n">date</span><span class="o">=</span><span class="mi">2013</span><span class="o">-</span><span class="mi">12</span><span class="o">-</span><span class="mi">31</span>
</pre></div>
</div>
</div>
</div>
</div>



           </div>
           
          </div>
          <footer>
    <div class="rst-footer-buttons" role="navigation" aria-label="footer navigation">
        <a href="../s3/" class="btn btn-neutral float-right" title="Ceph 对象网关的 S3 API" accesskey="n" rel="next">Next <span class="fa fa-arrow-circle-right" aria-hidden="true"></span></a>
        <a href="../config-ref/" class="btn btn-neutral float-left" title="Ceph 对象网关配置参考" accesskey="p" rel="prev"><span class="fa fa-arrow-circle-left" aria-hidden="true"></span> Previous</a>
    </div>

  <hr/>

  <div role="contentinfo">
    <p>
        &#169; Copyright 2016, Ceph authors and contributors. Licensed under Creative Commons Attribution Share Alike 3.0 (CC-BY-SA-3.0).

    </p>
  </div> 

</footer>
        </div>
      </div>

    </section>

  </div>
  

  <script type="text/javascript">
      jQuery(function () {
          SphinxRtdTheme.Navigation.enable(true);
      });
  </script>

  
  
    
   

</body>
</html>